Vulnerable 4.2.2 WordPress sites are leaking credentials to cybercriminals

Researchers from zScaler have discovered a campaign which is using vulnerable WordPress sites to collect and leak user credentials via a backdoor.

The cybercriminals are doing this via a backdoor which is activated once the WordPress user log in via the login page.